On Wed, 6 Sep 2023 18:34:29 GMT, Mandy Chung <mch...@openjdk.org> wrote:
> This reimplements > `sun.reflect.ReflectionFactory::newConstructorForSerialization` with method > handles. > > This API currently generates the bytecode which fails the verification > because `new C; invokespecial A()` where the given class `C` and invoke a > no-arg constructor of `C`'s first non-`Serializable` superclass `A` is not a > valid operation per the VM specification. VM special cases the classes > generated for reflection to skip verification for the constructors generated > for serialization and externalization. This change will allow such VM hack > to be removed. > > A `jdk.reflect.useOldSerializableConstructor` system property can be set to > use the old implementation in case if customers run into any compatibility > issue. I expect this change has very low compatibility risk. This system > property is undocumented and will be removed in a future release. src/java.base/share/classes/jdk/internal/reflect/MethodHandleAccessorFactory.java line 127: > 125: static ConstructorAccessorImpl > newSerializableConstructorAccessor(Class<?> decl, Constructor<?> ctor) { > 126: if (!constructorInSuperclass(decl, ctor)) { > 127: throw new UnsupportedOperationException(ctor + " not a > superclass of " + decl.getName()); Notice in JShell 20, you could do this: jshell> import sun.reflect.ReflectionFactory; jshell> var rf = ReflectionFactory.getReflectionFactory() jshell> var c = rf.newConstructorForSerialization(String.class, Boolean.class.getConstructor(boolean.class)) jshell> String d = (String) c.newInstance(false) jshell> d.length() which ends up in an NPE for `d.value` is null. This UOE is technically a new behavior that should be mentioned in the CSR. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/15600#discussion_r1317878647